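# NixOps network description for two GlusterFS nodes, fs0-0 and fs0-1.
# fs0-0 additionally exports /data/vol1 over NFS.
with import <nixpkgs> {};

let
  pki = pkgs.callPackage ./lib/pki.nix {};

  # Certificate material shared by every node in this file.
  certs = {
    ca = pki.ca;
    # Host names and addresses handed to pki.etcd (presumably the certificate
    # SANs; confirm in lib/pki.nix).
    fs = pki.etcd ''
      "fs0-0",
      "fs0-1",
      "10.253.18.106",
      "10.1.2.164",
      "127.0.0.1"
    '';
  };

  # Static name resolution for the cluster members, appended to /etc/hosts.
  clusterHosts = ''
    10.253.18.106 fs0-0
    10.1.2.164 fs0-1
  '';

  # Base NixOS configuration shared by all nodes; `node` is the host name and
  # also selects ./hardware-configuration/<node>.nix.
  nixosConfig = node: {
    imports = [
      (./hardware-configuration + "/${node}.nix")
      ./nixos/configuration.nix
    ];

    networking = {
      hostName = node;
      extraHosts = clusterHosts;
      # NOTE(review): if this range is re-enabled, narrow it to the ports the
      # GlusterFS daemons and bricks actually use; 5000-50000 exposes far more
      # than the service needs.
      # firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
      # firewall.allowedTCPPorts = [ 80 443 ];
    };

    # Packet-capture tool installed on every node as a debugging aid.
    environment.systemPackages = [ pkgs.tshark ];

    services.glusterfs = {
      enable = true;
      tlsSettings = {
        caCert = certs.ca.cert;
        # NOTE(review): both nodes receive the same key/certificate pair, so a
        # compromise of one node exposes the TLS identity of the other.
        # If pki.nix produces the key as a Nix store path it is world-readable
        # under /nix/store on the build host and on every node (TODO confirm);
        # shipping it out-of-band (e.g. NixOps `deployment.keys`) avoids that.
        tlsKeyPath = certs.fs.key;
        tlsPem = certs.fs.cert;
      };
    };
  };
in
{
  fs0-0 = { ... }:
    let
      base = nixosConfig "fs0-0";
    in
    {
      deployment.targetHost = "10.253.18.106";
      require = [ base ];

      services.nfs.server = {
        enable = true;
        # NOTE(review): this export is permissive and should be a deliberate
        # choice:
        #   - no_root_squash: uid 0 on any client in 10.253.18.0/24 is uid 0
        #     on the export; root_squash is the safer default.
        #   - insecure: requests from unprivileged source ports (>1023) are
        #     accepted, so non-root client processes can speak NFS directly.
        #   - rw to a whole /24 with host-based trust only (no sec=krb5*).
        # Prefer listing the specific client hosts and dropping `insecure` and
        # `no_root_squash` unless a consumer needs them.
        exports = ''
          /data/vol1 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
        '';
      };

      # rpcbind (111) and nfsd (2049). These options open the ports for every
      # source address; only the export's client list above restricts who can
      # mount.
      networking.firewall.allowedTCPPorts = [ 111 2049 ];
      networking.firewall.allowedUDPPorts = [ 111 2049 ];
    };

  fs0-1 = { ... }:
    let
      base = nixosConfig "fs0-1";
    in
    {
      deployment.targetHost = "10.1.2.164";
      require = [ base ];
    };
}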